GitLab Product Security Update Advisory (CVE-2024-6385)

Jul 12 2024

Overview

An update has been released to address vulnerabilities in GitLab products. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-6385

GitLab CE/EE versions: 15.8 (inclusive) ~ 16.11.6 (excluded)
GitLab CE/EE versions: 17.0 (inclusive) ~ 17.0.4 (excluded)
GitLab CE/EE versions: 17.1 (inclusive) ~ 17.1.2 (excluded)

Resolved Vulnerabilities

Vulnerability that allows an attacker to trigger a pipeline as another user under certain circumstances (CVE-2024-6385)

Vulnerability Patches

Vulnerability patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-6385

GitLab CE/EE version: 16.11.6
GitLab CE/EE version: 17.0.4
GitLab CE/EE version: 17.1.2

Referenced Sites

[1] CVE-2024-6385 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-6385

[2] GitLab Critical Patch Release: 17.1.2, 17.0.4, 16.11.6

https://about.gitlab.com/releases/2024/07/10/patch-release-gitlab-17-1-2-released/

GitLab Product Security Update Advisory (CVE-2024-6385)

Palo Alto Networks (Expedition, PAN-OS, Cloud NGFW, Prisma Access, Cortex XDR Agent) Family July 2024 Security Update Advisory

Exim Product Security Update Advisory (CVE-2024-39929)

Tags:

Palo Alto Networks (Expedition, PAN-OS, Cloud NGFW, Prisma Access, Cortex XDR Agent) Family July 2024 Security Update Advisory

Exim Product Security Update Advisory (CVE-2024-39929)